Re: Checking for old web browsers and media plugins

[Gary Flynn <flynngn () JMU EDU>]

Dean De Beer wrote:
> Actually, I'm doing something similar right now. We have a series of
> scripts that collect browser, OS and plugin info and write that data to
> a database. The scripts are embedded on our NAC portal page which
> requires the student to register/authenticate. This way we are able to
> map that information back to a MAC address and student ID. When we see
> any driveby website traffic we can determine if the user would have been
> infected or not based on their current plugins/patches. Not ideal but
> it's better than trying to report on every device as potentially
> infected. We are looking to add this to our intranet page that opens up
> on all staff workstations as the browser homepage.
>
> /dean
>
> On Wed, Feb 18, 2009 at 2:25 PM, Bob Bayn <bob.bayn () usu edu
> <mailto:bob.bayn () usu edu>> wrote:
>
>     We've seen some drive-by compromises here lately.  We run weekly
>     Nessus scans every week against all of our active IPs but those
>     scans don't discover things like old web browsers or missing updates
>     on various media plugins.  We are wondering if it would be
>     productive to put some detection and reporting of obsolete browser
>     or media plugins into some of our commonly used local web pages
>     (access to our CMS or ERP) so we can encourage some updating before
>     the drive-by events happen.  Is anybody doing this or considering it?



EXCELLENT IDEA!!!!!!!




--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature